In total users' names, usernames, and addresses
were all lost. They also lost users' passwords, indicating that their
passwords may not have been hashed -- or at the very least weren't salted (a
cryptographic technique to increase the difficulty of a foreign party reversing
a hash).

Sony also says that credit card info may have been
lost, though it says it isn't sure.

In an update the company admits that it waited an
entireweek before telling customers that it had
lost their info. The companywrites:

There’s a difference in timing between when we identified there
was an intrusion and when we learned of consumers’ data being compromised. We
learned there was an intrusion April 19th and subsequently shut the services
down. We then brought in outside experts to help us learn how the intrusion
occurred and to conduct an investigation to determine the nature and scope of
the incident. It was necessary to conduct several days of forensic analysis,
and it took our experts until yesterday to understand the scope of the breach.
We then shared that information with our consumers and announced it publicly
this afternoon.

Some in the U.S. government have taken notice and
they're not happy. Senator
Richard Blumenthal(D-Connecticut) is "demanding answers" from
Sony. He writes [press
release], "When a data breach occurs, it is essential that customers
be immediately notified about whether and to what extent their personal and
financial information has been compromised. Compounding this concern is the
troubling lack of notification from Sony about the nature of the data
breach."

The loss of credit card info is particularly
disturbing. If the information is used to commit fraud, there's a strong
likelihood that at least some customers' scores with the three major U.S.
credit bureaus -- Equifax, Experian and TransUnion -- will be damaged. In
cases of identity theft, the bureaus are supposed to work with individuals to
fix their file and cleanse their record, but that process can take years and
much grief.

Stealing customers' data seems out of character
for most members of Anonymous, but it's important to remember that the group is
very loosely organized and that its members have a wide range of philosophies
when it comes to security and computer crime, so anything is possible.

Sony even writes:

4. Is the attack by “Anonymous” or another party?

We are currently conducting a thorough investigation of the situation. Since
this is an overall security related issue, we cannot comment further at this
time.

The company has a FAQ page that outlines many
questions people might have and answers. For example, it writes:

3. Why was Sony not prepared for a compromise of its network?

We are currently conducting a thorough investigation of the situation. Since
this is an overall security related issue, we cannot comment further at this
time.

However, a Congressman getting involved in this is like using a bulldozer on your flower beds. It won't do the job, it'll tear up the flower beds (and house), but by God the neighbors will know you were serious about your flowers!!